Hi! Does anyone here have working inner tunnel proxying with freeradius 2.0.x?
Still having troubles with doing EAP-PEAP-MSCHAPv2 authorization. Switched to FreeRadius 2.0.1 from 1.1.7. What I need: extract MSCHAPv2 auth from PEAP, proxy auth to external server which knows nothing about EAP. All configs are almost default from distribution. Key changes: in eap.conf: peap { default_eap_type = mschapv2 copy_request_to_tunnel = yes use_tunneled_reply = yes proxy_tunneled_request_as_eap = no virtual_server = "proxy-inner-tunnel" } proxy-inner-tunnel is taken from examples with modified realm name: server proxy-inner-tunnel { authorize { update control { Proxy-To-Realm := "xxx" } } } As a result, no proxying has been done by freeradius: PEAP: Sending tunneled request EAP-Message = 0x0206000801616161 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "aaa" server proxy-inner-tunnel { Tue Feb 5 14:56:01 2008 : Debug: +- entering group authorize Tue Feb 5 14:56:01 2008 : Debug: ++[control] returns notfound } # server proxy-inner-tunnel PEAP: Got tunneled reply RADIUS code 0 Tue Feb 5 14:56:01 2008 : Debug: PEAP: Tunneled authentication will be proxied to xxx Tue Feb 5 14:56:01 2008 : Debug: Tunneled session will be proxied. Not doing EAP. Tue Feb 5 14:56:01 2008 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 6 Tue Feb 5 14:56:01 2008 : Debug: ++[eap] returns handled Tue Feb 5 14:56:01 2008 : Debug: There was no response configured: rejecting request 6 Tue Feb 5 14:56:01 2008 : Debug: Found Post-Auth-Type Reject Tue Feb 5 14:56:01 2008 : Debug: +- entering group REJECT .... -- Best wishes, Dmitry Sergienko (SDA104-RIPE) Trifle Co., Ltd. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html